
6/10/2011

[Warning] Detected malicious file disguised as an Android PPXIU game from China

1. Introduction

Recently, malicious Android applications have been growing rapidly in China and Russia, and smartphone security threats are getting bigger. "INCA Internet Response Team collects almost every new foreign malicious file, enough to respond as the quantity steadily increases." Although official collection of domestic damage reports has not yet been set up, unofficial cases are gradually spreading. Given this growth, INCA Internet Response Team is watching the situation, keeping in mind that it may spread widely.

2. Spreading path and symptoms of infection

* Malicious file disguised as a normal game in China

PPXIU (http://www.ppxiu.com/) is known as China's first interactive gaming community. The following figures show the normal screens of the original Android game.


INCA Internet Response Team found a malicious file disguised as the PPXIU Android game.
This malicious application requests the following permissions at installation time.



After testing the malicious file and the normal file on the same mobile phones, INCA Internet Response Team found that some characters of the malicious file were displayed broken during installation, as follows.


The malicious file tries to send premium-rate text messages to specific phone numbers, which can cause charges to the user. These numbers are estimated to be domestic Chinese telephone numbers; further analysis is underway.

* Premium Rate Numbers

- 8613800755500
- 1065800885566

In addition, the malicious file tries to leak the IMEI and IMSI information of the Android phone to a specific Chinese web site.

http://axy.waplove.cn:8080/Wukong/android/android.dbug.php

nProtect Mobile for ANDROID detects this file as Trojan-Spy/Android.FakePPx.A. We also found other variant samples, which are likewise detected as Trojan-Spy/Android.FakePPx.A.
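As an added example (not INCA Internet's code and not part of the original post), the following Python script triages an APK by searching every archive member for the premium-rate numbers and the exfiltration host listed above. The function names `scan_apk` and `build_sample` are hypothetical, and the sample archive is constructed inline rather than taken from a real sample.

```python
import io
import zipfile

# Indicators taken from this report.
PREMIUM_NUMBERS = ("8613800755500", "1065800885566")
EXFIL_HOST = "axy.waplove.cn"


def scan_apk(apk_bytes):
    """Return {indicator: [archive member names]} for each report indicator found."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            data = apk.read(name)
            for indicator in PREMIUM_NUMBERS + (EXFIL_HOST,):
                # classes.dex stores strings as MUTF-8, so ASCII indicators appear
                # verbatim; binary XML and resources.arsc may use UTF-16 instead.
                encodings = (indicator.encode("ascii"), indicator.encode("utf-16-le"))
                if any(needle in data for needle in encodings):
                    hits.setdefault(indicator, []).append(name)
    return hits


def classify(hits):
    """Map indicator hits to the two behaviours described in the report."""
    behaviours = set()
    if any(number in hits for number in PREMIUM_NUMBERS):
        behaviours.add("premium-sms")
    if EXFIL_HOST in hits:
        behaviours.add("imei-imsi-exfiltration")
    return behaviours


def build_sample(strings, encoding="utf-8"):
    """Constructed test input: a zip archive whose fake classes.dex holds `strings`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        body = b"\x00".join(s.encode(encoding) for s in strings)
        archive.writestr("classes.dex", b"dex\n035\x00" + body)
        archive.writestr("res/raw/readme.txt", b"constructed sample, no indicators")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample(["1065800885566", "http://axy.waplove.cn:8080/"])
    found = scan_apk(sample)
    print(found, classify(found))
```

A clean result only means these exact strings are absent; variants that build the numbers or host at run time, or store them obfuscated, will not match.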

3. How to prevent

This malicious game application is designed to target users in China, so damage outside China has not been reported. However, because of the nature of smartphone applications, installing an application from overseas is relatively easy, so the possible emergence of this kind of malicious application remains a threat. Also, a malicious application that uses repackaging or double packaging can be installed by stealth.
To use smartphones safely against the security threats of these malicious applications, we recommend that general users follow the "Smartphone security management tips" below.

Smartphone security management tips

1. Use anti-virus software from a trustworthy security company, keep its engine updated to the latest version, and use its real-time detection function.
2. Always download applications that have been proven by multiple users.
3. Use mobile anti-virus software to check a downloaded application before using it.
4. Do not visit suspicious or unknown sites via smartphone.
5. Try not to open MMS, text, or e-mail messages from uncertain senders.
6. Always set a strong password on the smartphone.
7. Turn on wireless interfaces such as Bluetooth only when they are being used.
8. Do not save important information on the phone.
9. Do not attempt illegal customization such as rooting or jailbreaking.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment with nProtect Mobile for Android for mobile malicious files such as the one described above, and runs a response system against various security threats.

* Diagnosis name

- Trojan-Spy/Android.FakePPx.A
